z0g7yail0.com a podobné radosti

[Z0MBie]

Zdravím, nedávno jsem chytil nějakou rýmičku (sshnas21.dll apod.). Poslal jsem na ní NOD32, ale stále mi tu po ní zůstávají nějaké zbytky.
Každých ~10 minut mi nod hlásí, že zablokoval pokus o vlezení na stránku z0g7yail0.com?nějakejBláznivejHashkód a pokud spouštím aplikace exotičtějšími způsoby, než pomocí zástupců nebo v cmd (například přes Total Commander), tak mi to vypisuje buď že při vykonávání programu došlo k chybě a nebo že nastavení internetu mi brání ve spuštění tohoto softwaru.
Zajímavé je, že při zapnutí přes konzoli je vše OK. Pokusil jsem se udělat log z RSIT, ale když se pokouší spustit si HiJackThis, tak se mu to nepodaří (právě díky téhle chybě), takže jsem si hjt pustil manuálně a přikládám log z hjt přikládám pod RSIT.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Marek at 2010-11-13 11:10:38
Microsoft Windows 7 Professional
System drive C: has 57 GB (19%) free of 302 GB
Total RAM: 3318 MB (25% free)


======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4123626388-2286366979-2164033099-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4123626388-2286366979-2164033099-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-22 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Foxit Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2010-05-13 288112]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2010-04-05 495708]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2010-04-17 13838952]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2010-04-17 92776]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-03-04 284696]
"IMSS"=C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-04-14 112152]
"DellControlPoint"=C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2009-11-02 657920]
"WavXMgr"=C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [2010-01-14 147328]
"USCService"=C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [2010-01-14 34232]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-12-29 140520]
"DellBtrEvent"=D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe [2009-08-25 147456]
"Dell Webcam Central"=C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-07-08 413827]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"IR_SERVER"=C:\Program Files\MSI\REALTEK DTV USB DEVICE\IR_SERVER.exe []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-08-24 1242448]
"Google Update"=C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
"RGSC"=C:\Phoenix\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []
"NetLimiter"=C:\Program Files\NetLimiter 3\NLClientApp.exe [2010-08-30 1781760]
"U36VRSFLG6"=C:\Users\Marek\AppData\Local\Temp\Kqh.exe []
"GizmoDriveDelegate"=C:\PROGRA~1\GIZMO\GDRIVE.DLL [2010-08-26 390752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Monitor Apache Servers.lnk - C:\Phoenix\Devel\Apache\bin\ApacheMonitor.exe
Správce systému Dell ControlPoint System Manager.lnk - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
TdmNotify.lnk - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
TMMonitor.lnk - C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe

C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BulletProof FTP Server 2010\bpftpserver-2010.exe"="C:\Program Files\BulletProof FTP Server 2010\bpftpserver-2010.exe:*:Enabled:BulletProof FTP Server 2010 (http://www.bpftpserver.com)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-11-13 11:10:39 ----D---- C:\Program Files\trend micro
2010-11-13 11:10:38 ----D---- C:\rsit
2010-11-12 15:21:28 ----D---- C:\Program Files\TNod User & Password Finder
2010-11-12 15:20:17 ----D---- C:\ProgramData\ESET
2010-11-12 15:20:17 ----D---- C:\Program Files\ESET
2010-11-01 19:28:34 ----D---- C:\Users\Marek\AppData\Roaming\DJJava
2010-11-01 19:28:26 ----D---- C:\ProgramData\Protexis
2010-11-01 19:28:21 ----RSH---- C:\Windows\system32\853ADC3025.dll
2010-11-01 19:27:34 ----D---- C:\Program Files\decomp
2010-10-29 16:46:52 ----A---- C:\Windows\MC10demo.INI
2010-10-29 16:46:44 ----D---- C:\Program Files\Spectrum Software
2010-10-29 16:36:20 ----D---- C:\Program Files\HaspEmulPE.XP
2010-10-29 16:32:44 ----A---- C:\Windows\system32\drivers\HASPVDD.DLL
2010-10-29 16:32:44 ----A---- C:\Windows\system32\drivers\HASPDOS.SYS
2010-10-29 16:27:58 ----A---- C:\Windows\MC9.INI
2010-10-29 16:27:35 ----A---- C:\Windows\system32\drivers\hardlock.sys
2010-10-29 16:27:10 ----A---- C:\Windows\system32\haspvdd.dll
2010-10-29 16:27:10 ----A---- C:\Windows\system32\haspdos.sys
2010-10-29 16:27:10 ----A---- C:\Windows\system32\drivers\Haspnt.sys
2010-10-29 16:26:49 ----D---- C:\Program Files\MC9
2010-10-28 15:01:10 ----D---- C:\Users\Marek\AppData\Roaming\WebApps
2010-10-28 15:00:23 ----D---- C:\Users\Marek\AppData\Roaming\Prism
2010-10-28 10:46:26 ----D---- C:\Windows\pss
2010-10-27 19:49:17 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 19:49:17 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 19:49:11 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-26 22:49:42 ----D---- C:\Users\Marek\AppData\Roaming\PDF Writer
2010-10-26 22:49:42 ----D---- C:\ProgramData\PDF Writer
2010-10-26 22:47:39 ----D---- C:\Program Files\Common Files\Bullzip
2010-10-26 22:47:39 ----A---- C:\Windows\system32\bzDCT.dll
2010-10-26 22:47:38 ----A---- C:\Windows\system32\bzpdfc.dll
2010-10-26 22:47:38 ----A---- C:\Windows\system32\bzFlRdr.dll
2010-10-26 22:47:36 ----A---- C:\Windows\system32\bzpdf.dll
2010-10-26 22:47:31 ----D---- C:\Program Files\Bullzip
2010-10-22 20:09:54 ----D---- C:\ProgramData\Locktime
2010-10-22 20:09:54 ----D---- C:\Program Files\NetLimiter 3
2010-10-20 11:04:34 ----D---- C:\ProgramData\TEMP
2010-10-20 11:04:10 ----D---- C:\Program Files\BulletProof FTP Server 2010
2010-10-17 22:07:33 ----D---- C:\Program Files\WinSCP
2010-10-17 17:09:08 ----D---- C:\Program Files\Ghostgum
2010-10-16 17:51:05 ----D---- C:\Program Files\ophcrack
2010-10-14 12:28:45 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 12:28:44 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 12:28:43 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 12:28:42 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 12:28:42 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 12:28:42 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 12:28:42 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 12:28:42 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 12:28:41 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 12:28:41 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 12:28:35 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 12:28:34 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 12:28:33 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 12:28:32 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 12:28:32 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 12:28:21 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 12:28:20 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 12:28:15 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 12:28:12 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 12:28:12 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 12:28:12 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 12:28:12 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 12:28:10 ----A---- C:\Windows\system32\StructuredQuery.dll

======List of files/folders modified in the last 1 months======

2010-11-13 11:10:55 ----D---- C:\Windows\Temp
2010-11-13 11:10:41 ----D---- C:\Windows\Prefetch
2010-11-13 11:10:39 ----RD---- C:\Program Files
2010-11-13 11:10:15 ----D---- C:\Bordel
2010-11-13 10:16:31 ----A---- C:\Windows\system32\bipbsp_log.txt
2010-11-13 00:44:18 ----A---- C:\Windows\system32\log.txt
2010-11-12 20:39:49 ----D---- C:\Windows\system32\config
2010-11-12 20:33:33 ----SHD---- C:\System Volume Information
2010-11-12 19:19:59 ----D---- C:\Windows\System32
2010-11-12 19:19:58 ----D---- C:\Windows\inf
2010-11-12 19:19:58 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-12 19:15:21 ----D---- C:\Program Files\Steam
2010-11-12 19:15:15 ----D---- C:\Users\Marek\AppData\Roaming\Dropbox
2010-11-12 19:02:42 ----D---- C:\Windows\Minidump
2010-11-12 19:02:14 ----D---- C:\Windows
2010-11-12 16:16:19 ----D---- C:\Users\Marek\AppData\Roaming\.minecraft
2010-11-12 15:20:43 ----SHD---- C:\Windows\Installer
2010-11-12 15:20:38 ----D---- C:\Windows\system32\drivers
2010-11-12 15:20:38 ----D---- C:\Windows\system32\catroot
2010-11-12 15:20:37 ----D---- C:\Windows\system32\DriverStore
2010-11-12 15:20:17 ----HD---- C:\ProgramData
2010-11-12 15:15:11 ----D---- C:\Windows\system32\Tasks
2010-11-12 15:15:10 ----D---- C:\Windows\Tasks
2010-11-12 10:11:33 ----D---- C:\Users\Marek\AppData\Roaming\X-Chat 2
2010-11-11 19:31:08 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-09 18:58:10 ----D---- C:\Program Files\Mozilla Firefox
2010-11-05 00:10:38 ----D---- C:\Users\Marek\AppData\Roaming\vlc
2010-11-04 17:23:37 ----D---- C:\Phoenix
2010-11-03 22:03:07 ----D---- C:\Program Files\Garena
2010-10-31 21:02:37 ----D---- C:\Windows\system32\catroot2
2010-10-30 10:36:30 ----D---- C:\Windows\system32\wdi
2010-10-29 16:46:44 ----HD---- C:\Program Files\InstallShield Installation Information
2010-10-29 16:27:28 ----D---- C:\Windows\system32\Setup
2010-10-29 08:54:22 ----D---- C:\Windows\winsxs
2010-10-28 22:56:15 ----D---- C:\Users\Marek\AppData\Roaming\Skype
2010-10-28 18:03:17 ----D---- C:\Windows\rescache
2010-10-28 16:24:31 ----D---- C:\Windows\Microsoft.NET
2010-10-28 16:23:54 ----RSD---- C:\Windows\assembly
2010-10-28 15:40:40 ----D---- C:\Users\Marek\AppData\Roaming\skypePM
2010-10-28 01:22:32 ----D---- C:\Windows\ehome
2010-10-28 01:22:26 ----D---- C:\Windows\AppPatch
2010-10-26 22:47:39 ----D---- C:\Program Files\Common Files
2010-10-20 17:05:11 ----D---- C:\Program Files\Ask.com
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-15 23:27:58 ----D---- C:\Program Files\Opera
2010-10-15 15:24:42 ----D---- C:\ProgramData\nView_Profiles
2010-10-15 13:11:20 ----D---- C:\Windows\system32\migration
2010-10-15 13:11:20 ----D---- C:\Program Files\Internet Explorer
2010-10-15 13:11:19 ----D---- C:\Program Files\Windows Media Player
2010-10-15 09:56:52 ----D---- C:\Users\Marek\AppData\Roaming\Adobe
2010-10-15 09:06:34 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-04 435736]
R0 PBADRV;PBADRV; C:\Windows\system32\DRIVERS\PBADRV.sys [2008-06-04 26608]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 stdflt;Disk Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 DVMIO;DVMIO; \??\D:\Program Files\Dell\Reader 2.0\dvmio.sys [2009-07-10 16984]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 GizmoDrv;Gizmo Device Driver; C:\Windows\system32\drivers\GizmoDrv.sys [2010-08-26 23624]
R1 Haspnt;HaspNT; \??\C:\Windows\system32\drivers\Haspnt.sys [2009-01-13 11102]
R1 nltdi;nltdi; \??\C:\Program Files\NetLimiter 3\nltdi.sys [2010-08-30 5281672]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 Hardlock;Hardlock; C:\Windows\system32\drivers\hardlock.sys [2006-11-22 693760]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 risdpcie;risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
R2 WavxDMgr;WavxDMgr; C:\Windows\system32\DRIVERS\WavxDMgr.sys [2010-01-14 211328]
R3 Acceler;Accelerometer Service; C:\Windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-05-13 255096]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-01-11 88104]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2010-01-11 110632]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-01-11 18728]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
R3 cvusbdrv;Dell ControlVault; C:\Windows\System32\Drivers\cvusbdrv.sys [2009-11-03 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM); C:\Windows\system32\DRIVERS\vrtaucbl.sys [2010-09-26 40576]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2009-09-17 41088]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit; C:\Windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver; C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2010-04-05 423424]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 rimspci;rimspci; C:\Windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
S2 rixdpcie;rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 CtAudDrv;Provides advanced audio effects for audio devices.; \??\C:\Windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\plugins\UI\safedrv.sys []
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2009-10-14 30880]
S3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-07-19 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-08-05 31824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
R2 Apache2.2;Apache2.2; C:\Phoenix\Devel\Apache\bin\httpd.exe [2010-07-30 24645]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-01-08 628000]
R2 buttonsvc32;Dell ControlPoint Button Service; c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 27040]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R2 DvmMDES;DeviceVM Meta Data Export Service; D:\Program Files\Dell\Reader 2.0\DVMExportService.exe [2009-08-03 327680]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-09-21 858384]
R2 Gizmo Central;Gizmo Central; C:\Program Files\Gizmo\gservice.exe [2010-08-26 31856]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 InstallFilterService;FF Install Filter Service; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-04-14 325656]
R2 MySQL;MySQL; C:\Phoenix\Devel\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Phoenix\Devel\MySQL Server 5.1\my.ini MySQL []
R2 nlsvc;NetLimiter 3 Service; C:\Program Files\NetLimiter 3\nlsvc.exe [2010-08-30 1085440]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-17 219752]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-09-21 473360]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe [2010-04-05 229458]
R2 TdmService;TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [2009-11-24 1148264]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-14 2533400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.29 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-11-12 1273856]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-08-12 33584]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2009-11-18 1032192]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]

-----------------EOF-----------------





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:42, on 13.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Phoenix\Devel\Apache\bin\ApacheMonitor.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Opera\opera.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\cmd.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\mobsync.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Phoenix\Miranda\miranda32.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetBeans 6.9.1\bin\netbeans.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\trend micro\Marek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=cs&s=bsd
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 89.187.135.105 admin.art4promotion.com art4promotion.com
O1 - Hosts: 89.187.135.105 admin.mauring.cz mauring.cz
O1 - Hosts: 89.187.135.105 ceskytravnik2.cz admin.ceskytravnik2.cz
O1 - Hosts: 89.187.135.105 amigos3.com admin.amigos3.com www2.amigos3.com
O1 - Hosts: 89.187.135.105 nataliruden.cz cms.nataliruden.cz
O1 - Hosts: 89.187.135.105 ceve.cz cms.ceve.cz
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IR_SERVER] C:\Program Files\MSI\REALTEK DTV USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RGSC] C:\Phoenix\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
O4 - HKCU\..\Run: [U36VRSFLG6] C:\Users\Marek\AppData\Local\Temp\Kqh.exe
O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Phoenix\Devel\Apache\bin\ApacheMonitor.exe
O4 - Global Startup: Správce systému Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Phoenix\Devel\Apache\bin\httpd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Správce systému Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MySQL - Unknown owner - C:\Phoenix\Devel\MySQL.exe (file missing)
O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 14611 bytes

[Rudy]

Dejte log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Z0MBie]

Bohužel, ComboFix si také nespustím. .
Na této chybě se combofix totálně zasekne, když dám "Zavřít", tak na mne ta hláška vyskočí opět. A takhle to jde až do alelujá..

[Rudy]

Zkuste to v nouz. režimu, příp. CF přejmenujte třeba na cokoli.com a zkuste spustit.

[Z0MBie]

Přejmenování ani nouzový režim nepomohlo. Podle mně mám někde rozsekané nastavení těch policies pro spouštění programů. Zkoušel jsem o tom i něco googlit, ale bohužel bezvýsledně :-/

[Rudy]

Zkuste obnovu systému k datu, kdy korektně fungoval. Pak se pokusíme provést odvirování.

[Z0MBie]

V obnovení jsem měl nejstarší bod z předvčerejška, když jsem ho spustil, tak jsme se dostal do stavu, kdy na tom počítači nemůžu udělat už prakticky nic. Jako dobré řešení problém s nemožností spustit cokoliv se nakonec ukázalo založit si nový uživatelský účet a fungovat pod ním. Horko-těžko se mi teda nakonec podařilo spustit ten Combofix a tady je log:

ComboFix 10-11-12.04 - Nemrtvej 13.11.2010 14:39:51.2.4 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3318.2432 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: ComboFix
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marek\AppData\Roaming\chrtmp
c:\windows\system32\853ADC3025.dll
c:\windows\system32\sqlite3.dll
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-13 do 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-13 13:49 . 2010-11-13 13:49 -------- d-----w- C:\Device
2010-11-13 13:48 . 2010-11-13 13:48 -------- d-----w- c:\users\Marek\AppData\Local\temp
2010-11-13 13:48 . 2010-11-13 13:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-13 13:11 . 2010-11-13 13:24 -------- d-----w- c:\users\Nemrtvej
2010-11-13 10:10 . 2010-11-13 12:36 -------- d-----w- c:\program files\trend micro
2010-11-13 10:10 . 2010-11-13 10:11 -------- d-----w- C:\rsit
2010-11-12 16:38 . 2010-11-12 16:38 -------- d-----w- c:\users\Marek\AppData\Local\ESET
2010-11-12 14:21 . 2010-11-13 12:36 -------- d-----w- c:\program files\TNod User & Password Finder
2010-11-12 14:20 . 2010-11-12 14:20 -------- d-----w- c:\program files\ESET
2010-11-09 22:11 . 2010-11-09 22:11 -------- d-----w- c:\users\Marek\AppData\Local\Activision
2010-11-09 17:28 . 2010-11-09 17:27 225280 ----a-w- c:\windows\Kjewea.exe
2010-11-09 15:00 . 2010-11-11 14:12 -------- d-----w- c:\users\Marek\.designer
2010-11-09 07:12 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB99D5A3-039D-43CD-ABB4-E00287ED4023}\mpengine.dll
2010-11-01 18:28 . 2010-11-01 21:07 -------- d-----w- c:\users\Marek\AppData\Roaming\DJJava
2010-11-01 18:28 . 2010-11-01 18:28 -------- d-----w- c:\programdata\Protexis
2010-11-01 18:27 . 2010-11-01 18:27 -------- d-----w- c:\program files\decomp
2010-10-29 15:46 . 2010-10-29 15:46 -------- d-----w- c:\program files\Spectrum Software
2010-10-29 15:36 . 2010-10-29 15:36 -------- d-----w- c:\program files\HaspEmulPE.XP
2010-10-29 15:32 . 2009-01-13 22:57 6656 ----a-w- c:\windows\system32\drivers\HASPVDD.DLL
2010-10-29 15:32 . 2009-01-13 22:57 383 ----a-w- c:\windows\system32\drivers\HASPDOS.SYS
2010-10-29 15:27 . 2006-11-22 08:01 693760 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-10-29 15:27 . 2010-10-29 15:27 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-10-29 15:27 . 2010-10-29 15:27 383 ----a-w- c:\windows\system32\haspdos.sys
2010-10-29 15:27 . 2009-01-13 22:57 11102 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-10-29 15:26 . 2010-11-03 22:26 -------- d-----w- c:\program files\MC9
2010-10-28 14:01 . 2010-10-28 14:01 -------- d-----w- c:\users\Marek\AppData\Roaming\WebApps
2010-10-28 14:00 . 2010-10-28 14:01 -------- d-----w- c:\users\Marek\AppData\Roaming\Prism
2010-10-28 14:00 . 2010-10-28 14:01 -------- d-----w- c:\users\Marek\AppData\Local\Prism
2010-10-28 13:08 . 2010-10-28 13:08 -------- d-----w- c:\users\Marek\.m2
2010-10-28 09:16 . 2010-10-28 09:16 -------- d-----w- c:\users\Marek\AppData\Local\Locktime
2010-10-27 18:49 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 18:49 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 18:49 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 18:49 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 18:49 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-26 21:49 . 2010-10-26 21:49 -------- d-----w- c:\users\Marek\AppData\Roaming\PDF Writer
2010-10-26 21:49 . 2010-10-26 21:49 -------- d-----w- c:\users\Marek\AppData\Local\PDF Writer
2010-10-26 21:49 . 2010-10-26 21:49 -------- d-----w- c:\programdata\PDF Writer
2010-10-26 21:48 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2010-10-26 21:47 . 2010-10-26 21:47 -------- d-----w- c:\program files\Common Files\Bullzip
2010-10-26 21:47 . 2008-07-09 22:19 103424 ----a-w- c:\windows\system32\bzDCT.dll
2010-10-26 21:47 . 2010-09-27 13:27 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2010-10-26 21:47 . 2008-10-30 21:15 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2010-10-26 21:47 . 2010-09-27 13:28 196096 ----a-w- c:\windows\system32\bzpdf.dll
2010-10-26 21:47 . 2010-10-26 21:47 -------- d-----w- c:\program files\Bullzip
2010-10-26 21:47 . 1999-05-06 22:00 140288 ----a-w- c:\windows\system32\comdlg32.OCX
2010-10-22 19:09 . 2010-10-22 19:09 -------- d-----w- c:\program files\NetLimiter 3
2010-10-22 19:09 . 2010-10-22 19:09 -------- d-----w- c:\programdata\Locktime
2010-10-20 10:04 . 2010-10-20 10:08 -------- d-----w- c:\program files\BulletProof FTP Server 2010
2010-10-17 21:07 . 2010-10-17 21:07 -------- d-----w- c:\program files\WinSCP
2010-10-17 16:09 . 2010-10-17 16:09 -------- d-----w- c:\program files\Ghostgum
2010-10-16 16:51 . 2010-10-16 16:51 -------- d-----w- c:\program files\ophcrack

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 13:20 . 2010-08-19 14:00 0 ----a-w- c:\users\Marek\AppData\Local\WavXMapDrive.bat
2010-10-19 09:41 . 2010-08-19 14:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 19:24 . 2009-07-13 23:11 43088 ----a-w- c:\windows\system32\drivers\pcw.sys
2010-10-10 20:24 . 2010-10-10 20:24 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-10 20:24 . 2010-10-10 20:24 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-29 22:10 . 2010-09-29 22:09 84004672 ----a-w- c:\users\Marek\AppData\Roaming\VIDEO_DRVR_WIN_R267781.EXE
2010-09-26 18:25 . 2010-09-26 18:25 40576 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2010-09-22 14:44 . 2010-07-18 21:12 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 16:14 . 2010-09-15 16:14 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-08 04:30 . 2010-10-14 11:28 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-14 11:28 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-14 11:28 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-14 11:28 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-14 11:28 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-14 11:28 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-14 11:28 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-14 11:28 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-30 12:24 . 2010-08-30 12:24 5230088 ----a-w- c:\windows\system32\drivers\nlndis.sys
2010-08-27 05:46 . 2010-10-14 11:28 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-14 11:28 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-14 11:28 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-14 11:28 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 08:30 . 2010-08-26 08:30 23624 ----a-w- c:\windows\system32\drivers\gizmodrv.sys
2010-08-26 04:39 . 2010-10-14 11:28 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36 . 2010-10-14 11:28 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:36 . 2010-10-14 11:28 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-21 05:33 . 2010-10-14 11:28 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32 . 2010-09-15 10:42 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"nwiz"="nwiz.exe" [2010-04-15 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-04-17 92776]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-04-14 112152]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 147328]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellBtrEvent"="d:\program files\Dell\Reader 2.0\DellBtrEvent.exe" [2009-08-25 147456]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Monitor Apache Servers.lnk - c:\phoenix\Devel\Apache\bin\ApacheMonitor.exe [2010-7-30 41051]
Spr vce syst‚mu Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
TMMonitor.lnk - c:\program files\MSI\TotalMedia 3.5\TMMonitor.exe [2010-9-7 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"Backup_DisableCAD"= undefined
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^Marek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk]
path=c:\users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerMenu.lnk
backup=c:\windows\pss\PowerMenu.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-20 07:10 136176 ----atw- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe

R1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.0\dvmio.sys [2009-07-10 16984]
R1 GizmoDrv;Gizmo Device Driver; [x]
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-08-30 5281672]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-08-05 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-08-05 41936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-11-03 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2010-09-26 40576]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
R3 netr28u;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NETw5s32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 5230088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-07-13 37280]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-07-06 91168]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-07-06 32800]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-08-05 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-08-05 111312]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-08-05 31824]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1343400]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d511891fb5bff1e2\aestsrv.exe [2010-04-05 81920]
R4 Apache2.2;Apache2.2;c:\phoenix\Devel\Apache\bin\httpd.exe [2010-07-30 24645]
R4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
R4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 812448]
R4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 27040]
R4 dcpsysmgrsvc;Správce systému Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R4 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.0\DVMExportService.exe [2009-08-03 327680]
R4 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2010-08-26 31856]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 136176]
R4 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R4 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [2010-01-10 60928]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-04-14 2533400]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdfltn.sys [2010-01-18 17072]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-01-18 42672]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 19:49]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-10 19:49]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4123626388-2286366979-2164033099-1000Core.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-20 07:10]

2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4123626388-2286366979-2164033099-1000UA.job
- c:\users\Marek\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-20 07:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=cz&l=cs&s=bsd
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-IR_SERVER - c:\program files\MSI\REALTEK DTV USB DEVICE\IR_SERVER.exe
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Metropolis - c:\windows\system32\sshnas21.dll
MSConfigStartUp-RGSC - c:\phoenix\Games\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-U36VRSFLG6 - c:\users\Marek\AppData\Local\Temp\Kqh.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86838446]<<
c:\windows\system32\DRIVERS\stdfltn.sys ST Microelectronics Disk Filter Driver for Accelerometer
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8683e504]; MOV EAX, [0x8683e580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82440458] -> \Device\Harddisk0\DR0[0x86813598]
3 CLASSPNP[0x8B9DA59E] -> ntkrnlpa!IofCallDriver[0x82440458] -> [0x86813AF0]
5 stdfltn[0x8BBFD70C] -> ntkrnlpa!IofCallDriver[0x82440458] -> [0x85C85D50]
7 ACPI[0x8B2B93B2] -> ntkrnlpa!IofCallDriver[0x82440458] -> \IAAStorageDevice-1[0x85C97028]
\Driver\iaStor[0x868224F0] -> IRP_MJ_CREATE -> 0x86838446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskWDC_WD3200BEKT-75A25T0__________________01.01A01#4&325a58d2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\phoenix\Devel\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\phoenix\Devel\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(1784)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Celkový čas: 2010-11-13 15:02:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-13 14:02

Před spuštěním: Volných bajtů: 57 915 281 408
Po spuštění: Volných bajtů: 57 900 867 584

- - End Of File - - 0B7060969495489DCAFF128D9A5847A1

[Z0MBie]

Combofix mi totálně oddělal možnost přihlásit se do systému (při pokusu o zadání hesla a odenterování na logon screenu mi to oznámio, že "požadavek není podporován").
Nakonec jsem skončil u toho, že jsem si nahrál opět zavirovaný bod obnovení, ihned po obnově nabootoval na windows live cd (BartPE) a smazal položky uvedené v logu ComboFixu v kolonce Ostatní výmazy.
Můj aktuální stav je takový, že mi stále a pořád nejde zapínat v total commanderu exáče ("Při vykonávání programu došlo k chybě"). V podstatě nevím, co s tím teď dělat. Do formatu disku se mi rozhodně nechce a představa, že mi combofix opět odstřihne od možnosti přihlásit se do systému jinak než v nouzáku mne taky nevzrušuje..
Máte prosím ještě nějaké návrhy?

[Rudy]

Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Dejte log.

[Z0MBie]

Běžel mi nadvakrát, poprvé našel po chvíli nějakou havěť v paměti a chtěl restart. Podruhé vyhrabal toto.

Automatická kontrola: dokončeno před 1 min. (události: 18, objekty: 764498, čas: 01:27:38)
13.11.2010 19:46:09 Úloha byla spuštěna
13.11.2010 20:00:42 Zjištěno: not-a-virus:AdWare.Win32.AdMedia.jb C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\TNODUP a MiNODLogin + Hotfix\TNODUP\TNODUP Setup.exe/data0008
13.11.2010 20:00:43 Odstraněno: not-a-virus:AdWare.Win32.AdMedia.jb C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\TNODUP a MiNODLogin + Hotfix\TNODUP\TNODUP Setup.exe
13.11.2010 20:00:52 Zjištěno: not-a-virus:AdWare.Win32.AdMedia.or C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\TNODUP a MiNODLogin + Hotfix\TNODUP\TNod User & Password Finder\TNODUP.exe
13.11.2010 20:01:57 Odstraněno: not-a-virus:AdWare.Win32.AdMedia.or C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ\TNODUP a MiNODLogin + Hotfix\TNODUP\TNod User & Password Finder\TNODUP.exe
13.11.2010 20:02:23 Zjištěno: not-a-virus:AdWare.Win32.AdMedia.or C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ.rar/ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ/TNODUP a MiNODLogin + Hotfix/TNODUP/TNod User & Password Finder/TNODUP.exe
13.11.2010 20:02:23 Neošetřeno: not-a-virus:AdWare.Win32.AdMedia.or C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ.rar/ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ/TNODUP a MiNODLogin + Hotfix/TNODUP/TNod User & Password Finder/TNODUP.exe Zápis není podporován
13.11.2010 20:04:42 Zjištěno: not-a-virus:AdWare.Win32.AdMedia.jb C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ.rar/ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ/TNODUP a MiNODLogin + Hotfix/TNODUP/TNODUP Setup.exe/data0008
13.11.2010 20:04:42 Neošetřeno: not-a-virus:AdWare.Win32.AdMedia.jb C:\Bordel\ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ.rar/ESET NOD32 Antivirus 4 v4.2.64.12 100 Works Licence 32bit a 64bit CZ/TNODUP a MiNODLogin + Hotfix/TNODUP/TNODUP Setup.exe/data0008 Zápis není podporován
13.11.2010 20:18:18 Zjištěno: Trojan.Win32.Buzus.fpzr C:\Bordel\ruby-tla.exe/data0002
13.11.2010 20:23:08 Odstraněno: Trojan.Win32.Buzus.fpzr C:\Bordel\ruby-tla.exe
13.11.2010 20:54:09 Zjištěno: Packed.Win32.Katusha.o C:\Qoobox\Quarantine\C\Windows\system32\sshnas21.dll.vir
13.11.2010 20:54:16 Odstraněno: Packed.Win32.Katusha.o C:\Qoobox\Quarantine\C\Windows\system32\sshnas21.dll.vir
13.11.2010 21:13:39 Zjištěno: Packed.Win32.Katusha.o C:\_blechz\sshnas21.dll
13.11.2010 21:13:39 Zjištěno: Packed.Win32.Katusha.o C:\_blechz\Kjewea.exe
13.11.2010 21:13:39 Odstraněno: Packed.Win32.Katusha.o C:\_blechz\sshnas21.dll
13.11.2010 21:13:45 Odstraněno: Packed.Win32.Katusha.o C:\_blechz\Kjewea.exe
13.11.2010 21:13:47 Úloha byla dokončena

[Rudy]

V podstatě smazáno. Jak se nyní PC tváří?

[Z0MBie]

Ve svý podstatě je to stále "rozbitý".

Kvůli těmhle problémům jsem si založil druhý uživatelský účet.
Na prvním z nich nemohu spustit v total commanderu žádné .exe (například při pokusu o spuštění miranda32.exe mi to napíše, že Program provedl neplatnou operaci a bude ukončen).
Pokud pomocí konzole spustím nějaký program, který se uvnitř snaží spouštět další (například onen ComboFix), tak mi to napíše tu chybovku o Internet Policies, kterou jsem tu už pastoval.
Pokud zapnu Průzkumníka, při pokusu o vlezení do nějakého adresáře / disku se dozvím, že "C:\ Aplikace nebyla nalezena". Přitom v TC mi cestování po discích normálně funguje.

Na nově vytvořeném účtu mi první dva body fungují korektně, přetrvává na něm pouze problém s Průzkumníkem.

[Rudy]

OK. Stáhněte MBR: http://www2.gmer.net/mbr/mbr.exe a uložte na plochu. Pak Start>spustit>(napsat) mbr.exe -f>OK. Pak dejte log.

[Z0MBie]

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD32 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK




Podle logu mi přijde, že to neudělalo nic. Takže jsem nezkoušel, zda mi už fungují ty tři bugy..

[Rudy]

Oznámil, že nemáte TDL rootkit. Zkuste ještě TDSS remover: http://translate.googleusercontent.com/ ... -gJU6t8W9g .